I am using unbound and rspamd.
Unbound is configured as follows (snippet):

    forward-zone:
        name: "."
        # Quad9 phishing/malware site blocking DNS 9.9.9.9
        forward-addr: 9.9.9.9
        # Quad9 2nd DNS
        forward-addr: 149.112.112.112
        # Fallback if Quad9 is out: Google
        forward-addr: 8.8.4.4
It seems that rspamd doesn't like that, because the DNS masters for multi.uribl.com and dwl.dnswl.org apparently do not like getting a DNS query forwarded from public DNS servers. Which produces errors like:

    2019-12-28 17:47:20 #16267(controller) ; monitored; rspamd_monitored_dns_cb: DNS query blocked on multi.uribl.com (127.0.0.1 returned), possibly due to high volume
    2019-12-28 17:47:20 #16267(controller) ; monitored; rspamd_monitored_dns_cb: DNS reply returned 'no error' for dwl.dnswl.org while 'no records with this name' was expected when querying for 'TTE6_6BJCREYADp1do_TGob69-N7R.dwl.dnswl.org' (likely DNS spoofing or BL internal issues)

which breaks rspamd, I think.

So, I think (not sure) that I am not supposed to use a forwarder to a public DNS provider with rspamd. But that would mean I lose the advantage of Quad9. Hence, I was thinking that I might need to tell unbound an exception for these domains, sidestepping the forwarding. Is that possible? (Does it solve my issue? I don't know, but I'd like to try.)
Gerben Wierda
Chess and the Art of Enterprise Architecture
Mastering ArchiMate
Architecture for Real Enterprises at InfoWorld
On Slippery Ice at EAPJ
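The per-domain exception asked about above, as an added example that is not part of the original post or of the rspamd/unbound projects' own documentation. It relies on the unbound.conf(5) behaviour that a forward-zone with a name: but no forward-addr/forward-host entries is resolved by normal iteration instead of being forwarded (forward zones are matched by longest suffix, so these override the "." zone for their subtrees); check the manual page of the unbound version you run before relying on it. The interface and root-hints lines are assumptions for a typical mail host and are not from the original post.

```conf
# unbound.conf fragment (added example, not the original poster's config).
# Goal: keep Quad9 as the catch-all forwarder, but let the rspamd DNSBL/DNSWL
# zones be resolved iteratively so the list operators see queries coming
# from this host's own IP rather than from a public resolver.

server:
    # Assumed: rspamd on the same host queries 127.0.0.1 (edit to taste).
    interface: 127.0.0.1
    # Iterative resolution needs working root hints and outbound port 53
    # (UDP and TCP) from this host; the path is an assumption.
    root-hints: "/var/lib/unbound/root.hints"

# Catch-all: everything not matched by a more specific forward-zone below
# still goes to Quad9, with Google as a fallback (as in the original post).
forward-zone:
    name: "."
    forward-addr: 9.9.9.9
    forward-addr: 149.112.112.112
    forward-addr: 8.8.4.4

# Exceptions: no forward-addr at all means "do not forward, resolve by
# recursion" for this name and everything below it. This is not the same
# as forward-first: yes, which would still try the forwarder first.
forward-zone:
    name: "multi.uribl.com"

forward-zone:
    name: "dwl.dnswl.org"
```

After `unbound-checkconf` and a reload, `unbound-control lookup multi.uribl.com` (and the same for dwl.dnswl.org) should list the zone's own authoritative name servers rather than 9.9.9.9; if it still shows the forwarder, the exception zone is not matching and the error above will persist. Note that only these two subtrees lose Quad9's blocking, which is harmless here because the DNSBL answers are 127.0.0.x codes for rspamd, not addresses anyone connects to.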